Learning Paths

Blue Team Tools

22 courses
11 hours

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the addition of MITRE Shield, you now have a 360 degree view of attack scenarios and the data and capabilities needed to stop them.

Further details on the MITRE Shield framework can be found at https://shield.mitre.org/

Further details on the MITRE ATT&CK® framework can be found at https://attack.mitre.org/

Our blue team tooling courses focus on the use of a specific industry-standard, open source tool to protect, detect, and respond against targeted threat actor techniques in an enterprise environment. Knowing what a tool is and how it can be integrated into your overall enterprise security strategy will ultimately lend to your ability as an organization or an individual to defend against specific adversary activity.

Courses in this path

Introduction

The first course in this series discusses the use of open source, blue team tools to fill the gaps in your enterprise security, in turn, enable your information security organization to evolve their capabilities as fast as the threat actors you are defending against.

Blue Team Tools: Defense against Adversary Activity Using MITRE Techniques

by Aaron Rosenmund
19m
(25)

Network Analysis

In this section, you will learn about the tools associated with network analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Network Analysis with Arkime

by Josh Stroschein
45m

Network Analysis with pfSense

by Joe Abraham
38m
(13)

OS Analysis

In this section, you will learn about the tools associated with OS analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

OS Analysis with HELK

by Aaron Rosenmund
29m

OS Analysis with RegRipper

by Shoaib Arshad
39m
(19)

OS Analysis with Wazuh 4

by Zach Roof
37m

OS Analysis with Volatility

by Tim Coakley
27m

OS Analysis with The Sleuth Kit & Autopsy

by Ashley Pearson
15m

OS Analysis with osquery

by Joe Abraham
31m

OS Analysis with OSSEC 3

by Michael Edie
24m

OS Analysis with Nagios

by Owen Dubiel
21m

Infrastructure Analysis

In this section, you will learn about the tools associated with infrastructure analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Cloud Infrastructure Analysis with Scout Suite

by Guillaume Ross
29m

Cloud Infrastructure Analysis with Prowler

by Tim Coakley
24m

Container Infrastructure Analysis with kube-hunter

by Zach Roof
42m

Container Infrastructure Analysis with Trivy

by Zach Roof
49m

File Analysis

In this section, you will learn about the tools associated with file analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

File Analysis with TruffleHog

by Tim Coakley
23m

Application Analysis

In this section, you will learn about the tools associated with application analysis to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Application Analysis with Endlessh 1

by Laurentiu Raducu
16m

Application Analysis with ModSecurity

by Michael Edie
24m

Application Analysis with SonarQube

by George Smith
34m
(34)

Incident Management

In this section, you will learn about the tools associated with incident management to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Incident Management with TheHive

by Nick Mitropoulos
27m

Threat Intelligence

In this section, you will learn about the tools associated with threat intelligence to detect related data source TTPs and actively meet the adversary's activity with a response before you encounter it.

Threat Intelligence with MSTICPy

by Ian Hellen
33m

Threat Intelligence with MISP

by Phil Chapman
21m

Learn with the best

Aaron Rosenmund

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more

Josh Stroschein

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and... more

Joe Abraham

Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications to include CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who ... more

Shoaib Arshad

Shoaib is a Senior Cyber Security Professional currently based in Saudi Arabia. He has more than a decade of experience in the Information Security domain, and worked in various roles such as Security Engineer, Pentester, Forensic Examiner, Incident Handler, IT Auditor and also as a Cyber Security Consultant. His certifications include GCCC, GCFE and Lead Auditor for ISO - 27001/22301/20000. He is also a member of the GIAC Advisory Board. Shoaib is passionate about teaching and finds value in sh... more

Zach Roof

Zach describes himself as “an ordinary guy who’s extraordinarily curious about technology.” This curiosity has led to roles in Software Development, Application Security, DevOps, and Security Engineering. Currently, Zach is the Lead Security Engineer at Credible where he helps lead the security vision of a highly sensitive Fintech product. Outside of his day job, Zach has spoken at SyntaxCon, created cybersecurity tutorials through Securing The Stack, led an AWS Meetup group, and has provided cy... more

Tim Coakley

Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at Pluralsight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases. Parallel to this Tim ran a research and development business creating solutions from design through to support resulting in some unique and niche software not developed anywhere else. Tim now works fully within t... more

Ashley Pearson

Ashley Pearson is a former system administrator turned threat hunter. She has spent the past 3 years of her 8+ year IT career specializing in cyber security. She currently works as a threat hunter and occasional incident responder or forensic analyst. She continues to feed her passion by actively participating in the InfoSec community, attending conferences, and pursuing higher education. Outside of work, Ashley enjoys running, video games, and reading.

Michael Edie

Michael Edie, aka “the mechanic,” is a 23-year US Army Veteran and Information Security Engineer. He currently serves as a Technical Lead in a Cyber Operations Organization and President of the Augusta Information Systems Security Association (ISSA) chapter. Previously, he has served on Digital Forensics and Incident Response (DFIR), threat hunt, and compliance inspection teams. Michael is passionate about Information Security and enjoys contributing to the community through his blog at https://... more

Owen Dubiel

Owen is a security practitioner at heart, who also enjoys being able to teach others about cyber security best practices and techniques. He has recently found that doing online teaching has been one of the most fulfilling experiences in his working life. He loves being able to spread the good word of security to any and all that are willing to learn it!

Guillaume Ross

Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc. Having worked in multiple verticals, from Fortune 50 to startups, his specialty is providing the right security program and architecture for each specific environment and company, and leading blue teams.

Laurentiu Raducu

It all began in highschool, when Laurentiu first started his path in the computer science journey. Initially he started with C++, and fell in love quickly with the prospect of learning to develop software. Thanks to his passion for chess, his first computer program was a console-based ASCII chess game developed in C++. After a while, during university, Laurentiu started to experiment with other OOP programming languages, like Java, Kotlin or Python. He started to play with different tech stacks ... more

George Smith

George Smith has spent more than 25 years in the IT industry. During this time he has held a variety of positions, starting with web UI development and business analysis, progressing with system administration and infrastructure, then switching to core systems programming, technical consulting, and finally becoming an E-Commerce Architect and Subject Matter Expert. He is well versed in modern trends like Containerization, Infrastructure as Code, Serverless computing models, and more. George demo... more

Nick Mitropoulos

Nick is the CEO of Scarlet Dragonfly and has numerous years of experience in security training, cyber security, incident handling, vulnerability management, security operations, threat intelligence and data loss prevention. He is a certified ISC2 & EC-Council instructor, a GIAC advisory board member, an EC-Council global CISO member, a CEH Hall of Fame holder, a senior IEEE member and has an MSc in Advanced Security and Digital Forensics from Edinburgh Napier University.

Ian Hellen

Ian is a Principal Software Engineer in the Microsoft Threat Intelligence Centre (MSTIC). He has worked in security for 20 years and has been with MSTIC for the past 5 years (from infrastructure/network consulting to building compiler plug-ins and authoring detections and detection systems). He's the creator and joint-author/maintainer of MSTICPy - Python CyberSec tools for Jupyter notebooks - and spends most of his time creating notebooks and enhancing and fixing MSTICPy. In the time left over... more

Phil Chapman

Phil Chapman is a senior instructor. He is responsible for the delivery of a range of courses including official Microsoft, CompTIA, EC Council and BCS official certifications. He is also the subject matter expert and project lead for the bespoke Law Enforcement Cyber Security training packages which are delivered to UK Law Enforcement agencies and forces. He holds a variety of IT Technical and Security qualifications across many fields. Phil spent 23 years in the Royal Air Force as an Intellige... more

Contact Sales